Our first DDOS attack, what happened and what we’ve learned…

DDoS, or distributed denial of service, attacks are becoming more commonplace on the internet. There is a long list of articles online telling you everything you need to know about what these attacks are, so we’re not going to re-invent the wheel.

According to Digital Attack Map a DDOS attack is an attempt to make an online service unavailable by overwhelming it with traffic from multiple sources.

They go on to say that you can currently buy a DDoS for as little as $150, there are more than 2000 daily attacks, and 1/3 of all server downtime is due to a DDoS attack. So they are incredibly serious and very difficult to avoid. In our case we had a 10gb attack that lasted just short of 2 hours and started on the 24th January 2018. This attack was aimed at one of our shared hosting servers’ shared IP addresses and effectively overloaded its ability to handle the incoming data.

We did prepare for this…

We had prepared as much as we thought, but even with a Fortigate firewall with specs including 200Mbps Threat Protection and 2.5 Gbps protection, 4 separate Gb cables to each server combined into an active/passive bind, and monthly maintenance windows, there was no way to prevent such a devastating attack.

Reviewing the firewalls, we pulled the following images to show you the effect of the attack:

[Image: firewall attack]


You can see the difference in the traffic to the server. It was drastic compared to our normal traffic, but the firewall wasn’t struggling.

[Image: firewall attack 2]

You can also see on these images that we’re used to constant attempts to access the server and bypass our security. In fact, if you look earlier in the day there was a more focused attempt to access everything and it didn’t affect our services.

The affected server noticed the spike in traffic, as shown in this graph. It wasn’t struggling, but the traffic was clearly increasing.

[Image: Xenserver graph]


The server that was attacked also registered the network spike, but it was still only half of the physical limit of the devices.

So if everything was working fine, why did everything stop?

The problem we faced was capacity. We share the racks in the data centre with other customers, and with an attack of this scale the data centre registered the attack and immediately noticed the degradation of service for the entire cabinet. If one server is being attacked it can affect all the servers in the rack, meaning the data centre has to make the difficult choice to protect 35 other servers over the one being attacked.

[Image: server rack. Examples of 1U servers]

By disabling the attacked site/server the attack has nowhere to go and simply stops. The DDoS is effectively still running but it doesn’t have a target, so the botnet running it will just keep trying for as long as it was paid to run.

So what can we do in the future to avoid this?

The difficult reality is that avoiding it is near impossible, but mitigating it is possible. DDoS attacks are a normal part of internet life; what we need to do is educate and improve our security for next time. We have started investigating our data centre setup to see if we can do something else next time: moving equipment, further redundancy, anything physical we can do and any investment we can make. These all take time and testing but we’ll get it done.

There’s a lot a user can do (yes, you the reader). Cloudflare offer caching and DDoS protection for websites as standard, and we offer Cloudflare as standard on our servers. If you turn this on, it re-directs your domain name to them and caches your site on their systems. This means that if the attack is aimed at you, Cloudflare will be hit first and can handle the attack for a few hours, hopefully by which time the attack ends and no one notices. If the attack is against us, your website is cached at Cloudflare and is still able to run (in a limited fashion), meaning no one knows.

We’re also going to split our customers up into IP groups. This means that if the attack happens again, we’ll only lose a few customers, not all of them. We’ll be organising this over the coming weeks.

Finally, a few of us had Office 365 as our email provider. This meant that our websites were down but our email was still running. We could reply, deal with the data centre and still manage the support desk.

We’re not done and no amount of bullying will stop us from providing excellent service.


Move to PHP7 and leave 5 behind…


PHP7 has already been around the block once or twice. Did you know it was released in Dec 2015? That means it just turned 3! There are still a lot of people out there who use PHP5.6 or less. To put this in perspective, PHP5.3 was released in June 2009, which makes it 9 years old!!! Consider how many updates and bugs have been located since then… The frightening thing is that most of the websites we see still use 5.4, which was released in March 2012 and stopped receiving support in September 2015!!!

This is direct from PHP.net:

Supported Versions

Each release branch of PHP is fully supported for two years from its initial stable release. During this period, bugs and security issues that have been reported are fixed and are released in regular point releases.

After this two year period of active support, each branch is then supported for an additional year for critical security issues only. Releases during this period are made on an as-needed basis: there may be multiple point releases, or none, depending on the number of reports.

Once the three years of support are completed, the branch reaches its end of life and is no longer supported.

Currently Supported Versions

Branch  Initial Release                      Active Support Until                Security Support Until
        28 Aug 2014 (3 years, 4 months ago)  19 Jan 2017 (11 months ago)         31 Dec 2018 (in 11 months)
7.0     3 Dec 2015 (2 years ago)             3 Dec 2017 (30 days ago)            3 Dec 2018 (in 11 months)
7.1     1 Dec 2016 (1 year, 1 month ago)     1 Dec 2018 (in 10 months)           1 Dec 2019 (in 1 year, 10 months)
7.2     30 Nov 2017 (1 month ago)            30 Nov 2019 (in 1 year, 10 months)  30 Nov 2020 (in 2 years, 10 months)

Or, visualised as a calendar:

Today: 2 Jan 2018

[Image: PHP Version Support Chart. Current support of PHP Versions]

Active support: A release that is being actively supported. Reported bugs and security issues are fixed and regular point releases are made.
Security fixes only: A release that is supported for critical security issues only. Releases are only made on an as-needed basis.
End of life: A release that is no longer supported. Users of this release should upgrade as soon as possible, as they may be exposed to unpatched security

So if you’re using anything other than 7.x you’re in trouble: without regular security updates and patches, software becomes troublesome! We always recommend 7 to everyone for the security, but it also comes with other advantages. Let’s talk about those for a second.
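The support policy quoted above (two years of active support, then one further year of security fixes) can be turned into a check over a list of hosted sites. This is an added example, not part of the original post or of PHP.net; it uses only the three labelled branches of the table, reports any other branch as "not listed", and the site names and version strings are constructed.

```python
import re
from datetime import date

# Initial release dates of the labelled branches in the table quoted above.
RELEASES = {
    "7.0": date(2015, 12, 3),
    "7.1": date(2016, 12, 1),
    "7.2": date(2017, 11, 30),
}

def plus_years(d, years):
    """Same calendar day `years` later (29 Feb is moved to 28 Feb)."""
    day = 28 if (d.month, d.day) == (2, 29) else d.day
    return d.replace(year=d.year + years, day=day)

def support_status(version, today):
    """Return (status, end_of_life_date) for a version string such as '7.0.27'."""
    m = re.match(r"\s*(\d+\.\d+)", version)
    released = RELEASES.get(m.group(1)) if m else None
    if released is None:
        return ("not listed", None)          # branch is not in the table
    active_until = plus_years(released, 2)   # two years of full support
    eol = plus_years(released, 3)            # plus one year of security fixes
    if today <= active_until:
        return ("active support", eol)
    if today <= eol:
        return ("security fixes only", eol)
    return ("end of life", eol)

def audit(inventory, today):
    """List sites that are off active support, most urgent first."""
    findings = []
    for site, version in inventory:
        status, eol = support_status(version, today)
        if status == "active support":
            continue
        days_left = (eol - today).days if eol and eol >= today else 0
        findings.append((days_left, site, version, status))
    return [(site, version, status, days) for days, site, version, status in sorted(findings)]

# Constructed inventory (hypothetical sites), e.g. collected from `php -v` per account.
INVENTORY = [
    ("shop.example", "7.1.13"), ("blog.example", "7.0.27-0ubuntu0.16.04.1"),
    ("legacy.example", "5.4.45"), ("new.example", "7.2.1"),
]

if __name__ == "__main__":
    for row in audit(INVENTORY, date(2018, 1, 2)):   # "Today" in the quoted chart
        print(row)
```

The last field of each finding is the number of days until security fixes stop, so a value of 0 means the site needs moving now.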

Higher Load Capacity

The upward shift in performance you get from PHP7 is due to the changes in phpng. These changes allowed us to adopt PHP7 smoothly; in fact most of our customers don’t realise they are on PHP7, as it’s the default for new WordPress installs. Along with the performance boost, PHP7 is better with memory: it knows when to let go of the RAM, meaning your site can run on fewer resources!

Let’s make this more visual!

PHP 5.5

Transactions:              4354 hits
Availability:              100.00 %
Elapsed time:              299.64 secs
Data transferred:          17.23 MB
Response time:             1.21 secs
Transaction rate:          14.53 trans/sec
Throughput:                0.06 MB/sec
Concurrency:               17.59
Successful transactions:   4354
Failed transactions:       0
Longest transaction:       2.04
Shortest transaction:      0.12

HHVM

Transactions:              5256 hits
Availability:              100.00 %
Elapsed time:              299.53 secs
Data transferred:          20.06 MB
Response time:             0.92 secs
Transaction rate:          17.55 trans/sec
Throughput:                0.07 MB/sec
Concurrency:               16.12
Successful transactions:   5256
Failed transactions:       0
Longest transaction:       11.54
Shortest transaction:      0.43

PHP 7

Transactions:              11333 hits
Availability:              100.00 %
Elapsed time:              299.38 secs
Data transferred:          44.84 MB
Response time:             0.16 secs
Transaction rate:          37.85 trans/sec
Throughput:                0.15 MB/sec
Concurrency:               6.16
Successful transactions:   11333
Failed transactions:       0
Longest transaction:       0.77
Shortest transaction:      0.02

As you can see, compared to 5.5, Facebook HHVM is 1.2x faster but PHP7 is 2.6x faster! The speed increase is so easy to see!

PHP7 also comes with a host of new operators and tools suited for developers, which are kindly listed here

Overall, PHP 7 is faster, more secure, and significantly more resource efficient than older versions. To give you an example, a site running PHP 7 can handle twice as many visitors as PHP 5 can, using the same amount of memory. This means your shared hosting plan can take your website further for the same money!


Don’t put all your eggs in one basket!

We’re all tempted to go for one company to solve all our needs, one voice to filter everything out and offer the service you want. But is it really the best idea? Let us explore why we think multiple agents and contacts are best for your online presence.

We’re going to break this down into the technical/marketing and sales sides of your digital world, starting with our speciality, the technical side:

Domain Name

Your website address, URL or (to use the common name) domain is your online identity. Many of us have built our business name around the domain name we could purchase, be that fizzyblonde.uk, archers.law, or musicisthekey.door. The variations you can choose from are fantastic, so after spending hours searching for the domain name, buy it yourself!

You will then own this, it won’t be accidentally purchased by another company, and you have all the rights to move it anywhere you like because it’s yours. Now, we can sell you domain names, but we always advise our customers to purchase them elsewhere to keep things more secure and give them freedom.


You can get hosting directly from a supplier, you can buy it from a reseller and you can buy it with your domain registrar. All are equally good, but ask yourself what would happen in a nightmare scenario? If you purchase it from the web designer with your site and the designer doesn’t pay for their hosting, your site goes down and your on-line reputation is damaged. Maybe they go out of business, they are backing it up for you, or they offer you a great annual deal and forget to tell you that little changes are chargeable at their hourly rate.

If you take out the hosting yourself, you have control of the account, you’ve paid and if the developer goes under the hosting was separate and your site will live on. Any changes you want to make, can be done when you like and free of charge. You don’t have to wait until their office hours, and pay their fee, just contact the hosting company, ask them how and do it.


Let’s not go into too much detail here, you can read our previous article about why we think you should do it yourself here


This is paramount, as choosing the wrong one at the start could be disastrous to your site and cost you loads later on. WordPress is by far the most popular at the moment as it’s versatile and easy to set up, but if you’re focusing on a shop front have a look at Magento or Prestashop. If you’re confused, go on a few courses and learn about them or read up on-line.


Most website development companies and hosting companies will offer some degree of SEO for your site, but did you know there are loads of tools out there you can use for free to get you started? Have a look at Hypestar SEO tool, or for a more technical one, try dareboost.com. These are great if you want to save a bit of money and some time, but more importantly you can run these and keep them as comparisons to see how the professionals have done.

On that note, I think SEO is paramount and well worth paying for! Get a copywriter to help you write content, find a photographer to take pictures; getting the right people together is the best way, but don’t overreach! If you’re testing a website and aren’t ready for the ecommerce plugin, skip the photographer and hire them when ready.

Having a separate approach allows you to manage your cash flow better and really lets you get the site you deserve.


Online sales, the place to be… get an SSL certificate. Google is now picking on sites without it even if they aren’t ecommerce sites; SSL certificates help SEO and secure your sites. Free ones such as Let’s Encrypt work great for non-commerce sites but paid ones come with security and insurance. You can buy them from source, but since they are add-ons to your site, just get them from your hosting company.

Finally… before deciding if we’re right with the DIY approach, it’s worth mentioning that although you are certainly going to have an easier time paying someone to do everything, you’re never going to be in control of your property, your assets will always be available to someone.

Would you do that with your Car or House?

Go with different companies and limit your liability is our advice!

Find out more about our hosting packages at https://solblu.uk/sharedhosting.html
